Summary | ZeroBOX

shell-x64.exe

PE64 PE File
Category Machine Started Completed
FILE s1_win7_x6403_us July 31, 2023, 5:24 p.m. July 31, 2023, 5:28 p.m.
Size 7.0KB
Type PE32+ executable (GUI) x86-64, for MS Windows
MD5 5885c6b29fb1e8ec086f384413cdd608
SHA256 744029ef4e0f78f921b558a69135ee090ec59494b5feda8de031861a681ba897
CRC32 2D0AFF51
ssdeep 24:eFGStrJ9u0/6FlWNPnZdkBQAVwaY/YKZqBeNDMSCvOXpmB:is0CWNrkBQ9twDSD9C2kB
Yara
  • IsPE64 - (no description)
  • PE_Header_Zero - PE File Signature

Name Response Post-Analysis Lookup
No hosts contacted.
IP Address Status Action
3.110.135.114 Active Moloch

Suricata Alerts

No Suricata Alerts

Suricata TLS

No Suricata TLS

section .tekl
Time & API Arguments Status Return Repeated

__exception__

stacktrace:
EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404 @ 0x7706a404
shell-x64+0x41fe @ 0x1400041fe
0x7fffffdf250
0x12f708
0x12f740
shell-x64+0x41fe @ 0x1400041fe
0x58 (this stack value is repeated 58 times in the original dump)

exception.instruction_r: 4e 54 44 4c 4c 2e 52 74 6c 45 78 69 74 55 73 65
exception.symbol: EnterCriticalSection+0x1e ExitThread-0x19 kernel32+0xaa404
exception.instruction: push rsp
exception.module: kernel32.dll
exception.exception_code: 0xc0000005
exception.offset: 697348
exception.address: 0x7706a404
registers.r14: 0
registers.r15: 0
registers.rcx: 0
registers.rsi: 0
registers.r10: 5368726014
registers.rbx: 0
registers.rsp: 1244152
registers.r11: 514
registers.r8: 1242888
registers.r9: 1242944
registers.rdx: 8796092887632
registers.r12: 1244576
registers.rbp: 5368725514
registers.rdi: 88
registers.rax: 1996923908
registers.r13: 1244584
1 0 0
host 3.110.135.114
Bkav W32.Common.3EDB6033
Lionic Trojan.Win32.Packed.4!c
Elastic Windows.Trojan.Metasploit
MicroWorld-eScan Trojan.GenericKD.68402288
FireEye Generic.mg.5885c6b29fb1e8ec
CAT-QuickHeal HackTool.Metasploit.S9212471
McAfee Trojan-FJIN!5885C6B29FB1
Malwarebytes Trojan.MalPack
VIPRE Trojan.GenericKD.68402288
Sangfor Suspicious.Win32.Save.a
K7AntiVirus Trojan ( 004fae881 )
Alibaba Trojan:Win64/Meterpreter.f5d5d840
K7GW Trojan ( 004fae881 )
Cybereason malicious.29fb1e
VirIT Trojan.Win32.Generic.BZPS
Cyren W64/S-c4a4ef26!Eldorado
Symantec Meterpreter
ESET-NOD32 a variant of Win64/Rozena.M
Cynet Malicious (score: 100)
APEX Malicious
Kaspersky HEUR:Trojan.Win64.Packed.gen
BitDefender Trojan.GenericKD.68402288
SUPERAntiSpyware Trojan.Agent/Gen-MalPack
Avast Win32:MsfShell-V [Hack]
Tencent Hacktool.Win64.Rozena.a
Sophos ATK/Meter-A
F-Secure Trojan.TR/Crypt.XPACK.Gen7
DrWeb BackDoor.Shell.244
TrendMicro TROJ64_SWRORT.SM1
McAfee-GW-Edition BehavesLike.Win64.Infected.zz
Trapmine malicious.high.ml.score
Emsisoft Trojan.GenericKD.68402288 (B)
SentinelOne Static AI - Suspicious PE
Jiangmin Trojan.Generic.auyjj
Avira TR/Crypt.XPACK.Gen7
Antiy-AVL GrayWare/Win32.Rozena.j
Microsoft Trojan:Win64/Meterpreter.E
Gridinsoft Trojan.Win64.Gen.bot
Arcabit Trojan.Generic.D413BC70
ViRobot Trojan.Win.Z.Rozena.7168.FSA
ZoneAlarm HEUR:Trojan.Win64.Packed.gen
GData Trojan.GenericKD.68402288
Google Detected
AhnLab-V3 Trojan/Win32.RL_Generic.R357794
ALYac Trojan.GenericKD.68402288
MAX malware (ai score=85)
Cylance unsafe
Panda Trj/CI.A
Zoner Probably Heur.ExeHeaderL
TrendMicro-HouseCall TROJ64_SWRORT.SM1
dead_host 192.168.56.103:49161
dead_host 3.110.135.114:8080